KSC Open API
Kaspersky Security Center API description
|
List of event filter attributes is presented below.
Name | Type | Description |
---|---|---|
"GNRL_EA_SEVERITY" | paramInt | Event severity. May have the following values:
|
"KLEVP_EVENT_PRODUCT" | paramString | Product name *. |
"KLEVP_EVENT_INTERNAL_VERSION" | paramString | Product version name *. |
"KLEVP_EVENT_DISPLAY_VERSION" | paramString | Product build. |
"KLEVP_EVENT_VERSION" | paramString | Either a display or an internal product version, depending on the context (obsolete). |
"KLEVP_EVENT_HOST" | paramString | Host name. A unique server-generated string. |
"KLEVP_EVENT_TASK_NAME" | paramString | Display name of the task. |
"KLEVP_EVENT_HOST_DISPNAME" | paramString | Display name of the host. |
"KLEVP_EVENT_HOST_GROUP" | paramString | Name of the group where host is located. |
"KLEVP_EVENT_GROUP_TASK_ID" | paramString | String identity of the task that published the event. See TASK_UNIQUE_ID. |
"EVP_INCL_GNRL_EVENTS" | paramBool | Include general and specific product events. False by default. If set to true for a local task history, the parameters "KLEVP_EVENT_TASK_NAME" and "KLEVP_EVENT_PRODUCT" must be also set. |
"EVP_INCL_TASK_STATES" | paramBool | Include events on task states changes; optional; false by default. |
"KLEVP_EVENT_TYPE" | paramString | Name of the event type. For example:
|
"KLEVP_EVENT_GNRL_TYPES_ARRAY" | Array of (paramString) | List of the event types names, similar to "KLEVP_EVENT_TYPE". Optional. |
"KLEVP_EVENT_GNRL_TYPE" | paramString | Interesting general event type (not task state change event), to be used when "EVP_INCL_GNRL_EVENTS" = true. Optional. |
"KLEVP_EVENT_TSK_STATE_TYPE" | paramString | Interesting task state change event type ("KLPRCI_TaskState" or "KLEVP_GroupTaskSyncState"), to be used when "EVP_INCL_TASK_STATES" = true. Optional. |
"task_new_state" | paramInt | Task state (for events of type "KLPRCI_TaskState"), to be used when "EVP_INCL_TASK_STATES" = true. Optional. The following values are possible: Group task state enum. |
"EVP_LAST_EVENTS_ONLY" | paramBool | Include only the last task states, instead of all events on task states changes. Don't use with "EVP_INCL_GNRL_EVENTS" = true. Optional. False by default. |
"KLEVP_EVENT_RISE_TIME_LEAST" | paramDateTime | Earliest time when the event was published, in UTC. |
"KLEVP_EVENT_RISE_TIME_GREATEST" | paramDateTime | Latest time when the event was published, in UTC. |
"KLEVP_EVENT_RISE_TIME_LAST_DAYS" | paramInt | Maximum period since the event was published until the moment of the event search, in days. |
"KLEVP_EVENT_HOST_IP_FROM" | paramInt | Start of the IPv4 diapason. |
"KLEVP_EVENT_HOST_TO" | paramInt | End of the IPv4 diapason. |
"KLEVP_EVENT_DOMAIN" | paramString | DNS suffix. |
"KLEVP_EVENT_NT_DOMAIN" | paramString | Name of the NT domain. |
"KLEVP_EVENT_HOST_NETBIOSNAME" | paramString | Host windows (NetBIOS) name. |
"KLEVP_EVENT_RI_NEED_REBOOT" | paramBool | Need reboot flag is set by the event, for "EVP_LAST_EVENTS_ONLY" = true only. |
"KLEVP_EVENT_RI_ERR_REASONS" | Array of (paramInt) | Set of remote software installation fail reasons, see Software installation error classes enum, for "EVP_LAST_EVENTS_ONLY" = true only. |
"KLEVP_RFC2254_FILTER" | paramString | Additional general RFC2254-like filter string (see Search filter syntax) which can be constructed using supported event attributes. see List of event attributes for attribute names. For example, to find events from a virtual server with ID 7, having identity more than 1234567, with severity "Error" (3) or "Critical" (4), and type "GNRL_EV_VIRUS_FOUND" or "KLPRCI_TaskState": "(&(KLVSRV_ID=7)(event_db_id>1234567)(|(GNRL_EA_SEVERITY=3)(GNRL_EA_SEVERITY=4)(|(event_type="GNRL_EV_VIRUS_FOUND")(event_type="KLPRCI_TaskState"))))" |
"EVP_FTX_QUERY" | paramString | Full-text search condition. See Full-text attribute. |
"EVP_MAX_EVENTS_COUNT" | paramInt | Result set must not contain more that specified number of event records. |
"EVP_INCLUDE_VS" | paramBool | Include data from virtual servers. Optional. True by default. |